Anthropic-Cybersecurity-Skills/skills/detecting-qr-code-phishing-with-email-security/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00


API Reference: QR Code Phishing Detection

pyzbar — QR/Barcode Decoding

Installation

```bash
pip install pyzbar Pillow
# On Linux: apt-get install libzbar0
```

Core Functions

```python
from pyzbar.pyzbar import decode
from PIL import Image

results = decode(Image.open("qr.png"))
for r in results:
    print(r.type)     # "QRCODE"
    print(r.data)     # b"https://..."
    print(r.rect)     # Rect(left=40, top=40, width=200, height=200)
```

Decoded Object Attributes

| Attribute | Type | Description |
|-----------|------|-------------|
| data | bytes | Decoded content |
| type | str | Barcode type (QRCODE, EAN13, etc.) |
| rect | Rect | Bounding rectangle |
| polygon | list | Corner points |
| quality | int | Decode quality score |

Python email Module — EML Parsing

Parsing an EML file

```python
import email
from email import policy

with open("message.eml", "rb") as f:
    msg = email.message_from_binary_file(f, policy=policy.default)

subject = msg["Subject"]
sender = msg["From"]
```

Walking MIME Parts

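```python
# msg is the parsed message from the previous snippet
for part in msg.walk():
    ctype = part.get_content_type()
    if ctype.startswith("image/"):
        payload = part.get_payload(decode=True)  # raw image bytes, transfer encoding removed
        filename = part.get_filename()           # None when the part carries no filename
```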

URL Analysis Indicators

Suspicious TLD List

.xyz, .top, .club, .work, .buzz, .tk, .ml, .ga, .cf, .gq

Phishing URL Patterns

| Pattern | Risk |
|---------|------|
| IP address in domain | High |
| Domain > 40 chars | Medium |
| HTTP (no TLS) | Medium |
| 3+ subdomains | Medium |
| URL shortener | High |
| Base64 in path | High |
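
A scorer for the patterns in the table above, taking the `data` bytes that pyzbar returns. This is an added example, not part of the original reference or the project's `scripts/agent.py`. The shortener set, the Medium level for listed TLDs, the base64 heuristic and the "Unparseable URL" result are assumptions made for the example.

```python
import base64
import ipaddress
import re
from urllib.parse import urlsplit

# TLD list and pattern/risk names are taken from the tables on this page.
SUSPICIOUS_TLDS = {"xyz", "top", "club", "work", "buzz", "tk", "ml", "ga", "cf", "gq"}
# Assumption: the page names no shorteners; this set is illustrative only.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
B64_SEGMENT = re.compile(r"[A-Za-z0-9+_-]{16,}={0,2}")


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _looks_base64(segment):
    """Heuristic: segment decodes as base64 to printable ASCII (e.g. an e-mail address)."""
    if not B64_SEGMENT.fullmatch(segment):
        return False
    try:
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except ValueError:
        return False
    return bool(raw) and all(32 <= b < 127 for b in raw)


def score_qr_url(data):
    """Return [(pattern, risk), ...] for a URL decoded from a QR code (bytes or str)."""
    url = data.decode("utf-8", "replace") if isinstance(data, bytes) else data
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed bracketed host
        return [("Unparseable URL", "High")]  # assumption: not in the page's table
    labels = host.split(".")
    ip = _is_ip(host)
    checks = [
        ("IP address in domain", "High", ip),
        ("Domain > 40 chars", "Medium", len(host) > 40),
        ("HTTP (no TLS)", "Medium", parts.scheme == "http"),
        # Approximation: no public-suffix list, so subdomains = labels beyond the last two.
        ("3+ subdomains", "Medium", not ip and len(labels) - 2 >= 3),
        ("URL shortener", "High", host in SHORTENERS),
        ("Base64 in path", "High", any(_looks_base64(s) for s in parts.path.split("/"))),
        # Assumption: the page lists these TLDs without a risk level; Medium is chosen here.
        ("Suspicious TLD", "Medium", not ip and labels[-1] in SUSPICIOUS_TLDS),
    ]
    return [(name, risk) for name, risk, hit in checks if hit]
```
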

Check URL reputation

```http
POST https://graph.microsoft.com/v1.0/security/tiIndicators
Content-Type: application/json
Authorization: Bearer {token}

{
  "targetProduct": "Azure Sentinel",
  "threatType": "Phishing",
  "url": "https://suspicious-domain.xyz/login"
}
```

VirusTotal URL Scan API

Submit URL

```http
POST https://www.virustotal.com/api/v3/urls
x-apikey: {API_KEY}
Content-Type: application/x-www-form-urlencoded

url=https://suspicious-domain.xyz
```

Response Fields

| Field | Description |
|-------|-------------|
| data.attributes.last_analysis_stats.malicious | Engines flagging as malicious |
| data.attributes.last_analysis_stats.harmless | Engines flagging as clean |
| data.attributes.categories | URL categorization |